New vulnerabilities in Rockwell Automation programmable logic controllers (PLCs) pose a significant threat to critical infrastructure and industrial environments. These vulnerabilities are located in the communication modules of the PLCs, which are responsible for physically controlling operational technology equipment. They can be exploited through malicious Common Industrial Protocol (CIP) messages, potentially leading to serious disruptions.
The first vulnerability, known as CVE-2023-3595, is classified as critical with a CVSS score of 9.8 out of 10. This vulnerability allows threat actors to exploit the PLC’s firmware memory, enabling them to carry out remote code execution (RCE) with persistence. In addition, they can modify, deny, or even exfiltrate data flowing through the PLC, thereby affecting equipment performance. This vulnerability poses a significant risk as it could potentially lead to unauthorized control and manipulation of critical systems.
The second vulnerability, labeled as CVE-2023-3596, has a CVSS score of 7.5. It can be used to trigger a denial-of-service (DoS) condition, rendering the device inoperable. This type of disruption can cause significant downtime and financial losses for organizations that rely on these PLCs for their daily operations.
One particularly concerning aspect of these vulnerabilities is the possibility of cyberattackers infiltrating a PLC and remaining undetected until they decide to launch an attack. This means that organizations may unknowingly have malicious actors within their systems, thus compromising the integrity and security of their infrastructure. Experts at Dragos highlight that such attacks can corrupt incident response and recovery information, making it difficult to detect and mitigate the damage caused by the attackers.
Multiple industries, including energy and transportation, rely on these vulnerable communications modules. Given the potential impact on critical infrastructure, it is essential for organizations to apply the provided patches promptly. Rockwell Automation has released patches for all affected products, including those that are no longer under active support.
To assist users in identifying the affected products and implementing mitigation strategies, the Cybersecurity and Infrastructure Security Agency (CISA) and Rockwell Automation have issued advisories. These advisories include detailed information on the vulnerabilities, steps for mitigation, and detection recommendations. Users are urged to review these resources and take the necessary actions to secure their systems.
In an era where cyber threats continue to escalate, it is crucial for organizations to prioritize the security of their operational technology. Steps such as regularly updating and patching industrial control systems, implementing robust network segmentation, and conducting thorough vulnerability assessments can help mitigate the risk posed by these vulnerabilities.
By staying vigilant and proactive, organizations can fortify their defenses and minimize the potential for disruptive cyberattacks on critical infrastructure and industrial environments. Collaboration between industry stakeholders, government agencies, and cybersecurity experts is essential to ensure the ongoing protection of these vital systems.

